SPARTA: Year One in Review (and v1.5 Updates)
Authors: Brandon Bailey, Brad Roeher, and Randi Tinney
SPARTA turned one year old last month and, since the launch in October 2022, nine versions/releases of SPARTA have taken place. It is recommended to keep an eye on the most current updates frequently as we will provide new information and features in the Update section.
Some noteworthy highlights from SPARTA’s first year:
- Blog area established — https://medium.com/the-aerospace-corporation/space-cyber/home
- ~25% increase in the number of TTPs {V1.0 TTPs=169 to V1.5 TTPs=213}
- ~25% increase in the number of countermeasures {V1.0 CMs=69 to V1.5 CMs=87}
- Mapping to standards/other frameworks
– ISO 27001 mapping — https://sparta.aerospace.org/countermeasures/iso
– D3FEND Mapping — https://sparta.aerospace.org/countermeasures/d3fend/techniques
– NIST 800–53 revision 5 — https://sparta.aerospace.org/countermeasures/references
– ESA’s SPACE-SHIELD techniques and mitigations are mapped to each relevant SPARTA technique or countermeasure - References added to the TTPs based on CyberInFlight database
- Added Working with SPARTA page that contains a STIX2 JSON file download as well as Excel export capability
- Several tools deployed that enhance usability and value of SPARTA data
– JSON Creator — https://sparta.aerospace.org/json-creator
– Attack chain tools — manually click or use JSON creator - Navigator — https://sparta.aerospace.org/navigator
- Countermeasure Mapper — https://sparta.aerospace.org/countermeasures/mapper
- Control Mapper — https://sparta.aerospace.org/countermeasures/references/mapper
– Notional Risk Scores — https://sparta.aerospace.org/notional-risk-scores
Several of the above updates were fostered by community input. As described on the Contribute Page, SPARTA solicits input from the community, which has been tremendous in year one. SPARTA has received input from the United States’ commercial and government sectors in addition to the international space community. SPARTA has also been showcased at conferences (e.g., CYSAT 2023, DEF CON 31), within news articles, as well as the CyberWire Podcast. Several of these are discussed on the General Information page within SPARTA.
Below are the specific updates for SPARTA version 1.5 which was released on October 17, 2023.
Version 1.5 Update #1: Control Mapper Tool
To further expand the mapping capabilities SPARTA provides, the team has created a Control Mapper tool. Similar to the Countermeasure Mapper, the Control Mapper allows users to select either NIST 800–53 Rev 5 control(s)/enhancement(s) or the ISO 27001 control(s) and generate visualizations of their coverage of SPARTA techniques/sub-techniques.
The Control Mapper tool allows users to build a security architecture, using familiar controls, for the spacecraft. Before selecting any control, all techniques/sub-techniques will appear in red. As the user selects a control, the colors will change based on the percent coverage for that particular TTP. The Green/Yellow/Orange indicates some level of coverage; Red indicates no coverage at all.
The control mapper provides a great tool to perform quick analysis across control baselines. For example, if a user was to compare TTP coverage when considering 800–53 controls listed in the NIST Cybersecurity Framework v1.1 to the NIST moderate baseline the below graphics would provide a quick visual indicator. The below graphics would indicate the necessity to generate custom spacecraft baselines for 800–53 versus the off the shelf control lists.
Similar to the Countermeasure Mapper, once done selecting controls, the user can export the data in a variety of ways, as several graphics, an Excel sheet, and as a JSON file for future use. The exported Excel workbook will report the selected controls, the TTPs covered, and the TTPs that are not covered in respective tabs. From a security engineering perspective, this coverage mapping will help ensure system designers can better understand where gaps and potential risk exists.
Version 1.5 Update #2: JSON Creator
To compliment the new mapper tool, the SPARTA team also included a JSON Creator tool. Rather than users meticulously clicking each technique/sub-technique in the Navigator tool, each countermeasure in the Countermeasure Mapper, or each control in the Control Mapper, the JSON Creator offers users the ability to copy and paste each option and get a resulting JSON file. These files can then be imported into the corresponding tool for visualization creation and coverage mapping.
Users can upload a variety of different types of lists with the JSON Creator. However, when pasting the various types of TTPs, countermeasures, and/or controls into the tool, they must use the same format that is utilized within SPARTA. The expected format of the controls MUST match the format within the Countermeasure section of SPARTA (NIST, ISO). For example, NIST controls must match control family-control number(enhancement number) with no leading zeros. This would look like AC-2(1) and not AC-02(1) or AC-02(01).
Version 1.5 Update #3: ESA Space Shield Mitigation Mapping
In SPARTA version 1.5, all SPARTA Countermeasures have been mapped to various ESA Space Shield Mitigations. These mappings allow for further definitions of countermeasures and mitigations that can be utilized to protect against various TTPs. Further, while these mitigations have been added to each Countermeasure information page, all Excel exports will also include these mappings for additional use.
Comments? Please visit the contribute page or email sparta@aero.org.
New to SPARTA on Medium? Catch up on the Aerospace TechBlog.